Are your employees following best security practices?
Oct 13, 2020
Financial Institutions
As of the time I'm writing this, it has been over six months since Wipfli originally directed us to work from home. While I was technically allowed to return to my office in June (at reduced capacity and subject to local restrictions), most employees at Wipfli still choose to work from home.
When I talk to my clients, I hear the same kinds of stories. Many of our clients still have a large number of employees working from home, and those who have returned to “business as usual” still have the capability to send people home whenever they need to.
What kind of security precautions did you take for remote access? Did you have to create a program from scratch? Did you let employees take equipment home? I know that one of our clients allowed their employees to work from home by connecting to the bank’s VPN client with their own personal computers at their house, but this requires a fairly sophisticated product to do safely.
Whatever you did in 2020, make sure you update your policies and procedures to match your new processes. If you were a “we do not allow remote connections to our network” organization in 2019, you will need to amend that policy in 2020. It’s also safe to say that the pandemic plan you wrote in 2007 was not particularly effective, and I’m sure it’s going to get a thorough rewrite in 2021.
We’ve also seen that some of our team members work very well from home, and as we move forward, we may want to let people continue working from home.
One challenge we have in a work-from-home environment, though, is that people lose the feel of being “at work,” and they lose some of the vigilance that goes with that. 2020 has proven to be a good year for hackers. Whether due to social isolation, the lack of the structure of the work environment, or the general malaise that has accompanied this difficult year, employees are paying less attention to what they click on and the kinds of websites they visit. Phishing and email attacks are on the rise.
Now may be a very good time to perform your social engineering tests. Email spoofing is a great way to determine whether your employees are following the right protocols when opening email.
And for those employees who are staffing your branches, now is also a good time to perform physical penetration testing.
How Wipfli can help
Reach out to your Wipfli relationship manager to learn more about how we can help you make sure your employees are keeping your environment safe, no matter where they are.
Author(s)
Wipfli Editorial Team